2019 State of Email Security Report
Actionable steps to improve your organization’s email security and cyber resilience.
You use email constantly. It’s the lifeblood of communication, commerce and exchange of ideas across your organization. Imagine trying to do your job in 2018 without it. It’s impossible, isn’t it? It’s just supposed to work, and when it doesn’t, everything you do comes to a screeching halt.
Perhaps because of this, email remains the most visible, vital and ultimately vulnerable area where cybercriminals launch attacks to steal valuable corporate information and financial resources. It should come as no surprise these attacks isn’t slowing down.
According to new research from Mimecast commissioned by Vanson Bourne, 90% of global organizations have seen the volume of phishing attacks rise or remain consistent over the last 12 months. It doesn’t matter where the organization is located, what industry they’re part of or how many employees. No one is immune, and it’s not a matter of “if” but “when.”
Many have accepted not only the occurrence of attacks but the fallout from them as a fait accompli: 59% of organizations in the same survey now expect to suffer a negative business impact from an email-borne attack this year.
Unfortunately, many organizations simply aren’t prepared for how to prevent an attack or protect vital corporate information during and after one.
As a business world today, many of us are stuck in the past when it comes to the evolving nature of the threats we face every day. Whenever we think we’re ahead of the attackers and cybercriminals, they find ways to put us further behind.
We’re failing at cybersecurity. Here’s why.
People Are the Weakest Cybersecurity Link
When it comes to email-borne attacks, organizations must realize the importance of training, educating and preparing the people who use email the most (i.e. everyone who works at your company). Attackers love to use email as the mechanism to attack precisely because of the human element: humans make mistakes, and those mistakes can lead to successful attacks.
It begins at the top. Nearly 40% of IT decision makers in the survey agreed that their CEO is a “weak link” in their security operation. The same percentage believe their CEO “undervalues the role of email security” as a key security program element.
Additionally, 20% said they’d experienced a C-level executive sending sensitive information via email in response to a phishing attack in the past 12 months.
But what about the folks carrying out the day-to-day work of the organization? You know, the ones who depend on email to do just about everything? They must be trained to take the risk presented by email threats seriously. Yet time and again, this doesn’t happen.
Just 11% of organizations continuously train employees on how to spot cyberattacks. While 24% say they do monthly training, 52% only train employees once a year or quarter.
Why Defense-Only Email Security is Destined to Fail
Hackers are just too good, too clever and too advanced these days for a defense-only email security strategy to truly work. This is the approach that comes with putting all your security eggs in one basket with a platform like Microsoft Office 365™. Blindly putting your faith in your email service provider and its email security capabilities is a strategy doomed to lead to vulnerability.
They simply don’t provide all the security capabilities to keep an event from happening, the protection capabilities to preserve your critical email data, and perhaps most importantly for your employees, to keep your email going when there’s an cyberattack, technical failure or planned downtime.
The importance of having a high-availability solution in place is probably why 46% of organizations in the survey think maintaining email uptime is critical for business continuity after an cyberattack. You need more than just security to maintain that uptime.
Your Cyber Resilience Action Plan
If you feel like you’ve got a long road ahead to get your organization from cybersecurity failure to success, don’t panic. We’ve got an action plan you can follow to get started.
Cyber resilience for email doesn’t have to be a dream. It’s here.
Get all the latest news, tips and articles delivered right to your inbox
You will receive an email shortly